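#!/bin/bash
#
# java_file_recon.sh - part of the mini_recon repository.
#
# Repository layout:
#   ├── README.md
#   ├── gf_patterns
#   ├── java_file_recon.sh
#   └── output.html
#
# README.md:
#   # mini_recon
#   Mini recon script to identify the links and sensitive information from a
#   particular link
#
# gf_patterns (one gf pattern name per line, read by gf_PATTERN):
#   aws-keys
#   firebase
#   json_file
#   s3-buckets
#   sec
#   ip
#   upload-fields
#
# What the script does: prompts for one URL, collects the links and JavaScript
# files reachable from it (subjs, hakrawler), greps each fetched body with the
# gf patterns above, runs JSFinder / jsa / JScanner on every collected URL and
# finally runs nuclei over the resulting link list.
#
# Inputs:
#   stdin   - the URL, read interactively by getURL
#   cookie  - optional environment variable; when non-empty it is handed to
#             hakrawler via -cookie. It is passed on the command line, so it
#             is visible in the process list while the crawl runs.
#
# Everything the crawlers return is data chosen by the remote site. It is
# therefore read line by line and always passed quoted, never word-split or
# glob-expanded by the shell.
#
# NOTE(review): url.txt, files.txt, files_tmp.txt and nuclei-result are
# written relative to the current directory, while the scanner results use
# absolute paths under RESULTS_DIR. The script looks like it is meant to be
# run from RESULTS_DIR - confirm.
#
# The shebang has to be the very first line of the file; the original had a
# blank line above it, which makes the kernel ignore it.

# Output locations used by link_extractor and nuclei-check.
readonly RESULTS_DIR=/opt/tools/auto_recon/mini_recon
readonly LINKS_FILE="${RESULTS_DIR}/links.txt"
readonly SUBDOMAINS_FILE="${RESULTS_DIR}/sub_domains.txt"
readonly JSCANNER_RESULTS="${RESULTS_DIR}/JScanner_results.txt"
readonly JSCANNER_LINKS="${RESULTS_DIR}/JScanner_links.txt"
readonly CUSTOM_REGEX_FILE="${RESULTS_DIR}/custom_regex.txt"

# External tools, at the paths the original script used.
readonly HAKRAWLER="${HOME}/go/bin/hakrawler"
readonly JSFINDER=/opt/tools/auto_recon/JSFinder/JSFinder.py
readonly JSA=/opt/tools/javascript_enumeration/jsa/jsa.py
readonly JSCANNER=/opt/tools/javascript_enumeration/JScanner-3.0/JScanner.py
readonly -a NUCLEI_TEMPLATE_DIRS=(
  /root/nuclei-templates/enumeration/
  /opt/tools/javascript_enumeration/jsa/templates/
)

#######################################
# Remove duplicate lines from a file, keeping the first occurrence and the
# original order. The file is rewritten in place so its permissions stay.
# Arguments: $1 - file to de-duplicate (missing file is not an error)
# Returns:   0 on success or missing file, non-zero if the rewrite failed
#######################################
_dedupe_in_place() {
  local -r target=$1
  local scratch

  [[ -f "$target" ]] || return 0
  scratch=$(mktemp) || return 1
  if awk '!seen[$0]++' "$target" > "$scratch"; then
    cat -- "$scratch" > "$target"
    rm -f -- "$scratch"
  else
    rm -f -- "$scratch"
    return 1
  fi
}

#######################################
# Ask for the URL to process and derive the domain from it.
# Globals:   value  (written) - the URL as typed, e.g. https://example.com/page1
#            domain (written) - host part without a leading "www.",
#                               e.g. example.com
# Outputs:   url.txt in the current directory; prompt and errors on stdout
# Returns:   exits the script with status 1 when the URL is empty or no
#            domain can be extracted from it
#######################################
getURL() {
  # Same pattern as the original one-liner; handed to Python as an argument so
  # the backslash is not an invalid escape inside a Python string literal.
  local -r domain_regex='(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]'

  # Drop the per-run files of a previous run (url.txt was listed twice).
  rm -rf -- url.txt files_tmp.txt JScanner_links.txt custom_regex.txt \
    nuclei-result files.txt

  # -r: keep backslashes in the typed URL as they are.
  read -r -p "Enter the URL to be processed:" value
  if [[ -z "$value" ]]; then
    echo "Input value is empty.Please enter the URL."
    exit 1
  fi
  printf '%s\n' "$value" > url.txt

  # Host names are case-insensitive and the pattern is lowercase-only, so the
  # input is lowercased before matching. Only a leading "www." is stripped;
  # the original removed every "www." anywhere in the name.
  domain=$(
    printf '%s\n' "$value" \
      | python3 -c 'import re, sys; m = re.search(sys.argv[1], sys.stdin.read().lower()); print(m.group(0) if m else "")' "$domain_regex" \
      | sed 's/^www\.//'
  )
  if [[ -z "$domain" ]]; then
    echo "Domain value is empty.Please enter the domain value."
    exit 1
  fi
}

#######################################
# Enumerate the files and links reachable from the URL.
# Globals:   value, domain (read); cookie (read, optional)
# Outputs:   files_tmp.txt (everything found), files.txt (entries that
#            contain the domain), both in the current directory
#######################################
enum_FILES() {
  local -a crawl_args=(-depth 3 -scope subs -plain)

  cat url.txt > files_tmp.txt
  subjs < url.txt | anew files_tmp.txt

  # Hakrawler crawls the URL and prints the links and JS files it finds.
  # The cookie is added as one quoted argument so its spaces and semicolons
  # cannot turn into extra options.
  if [[ -n "${cookie:-}" ]]; then
    crawl_args+=(-cookie "$cookie")
  fi
  printf '%s\n' "$value" | "$HAKRAWLER" "${crawl_args[@]}" | anew files_tmp.txt

  # -F: match the domain literally; as a regex its dots matched any character.
  # NOTE(review): this is a substring match on the whole URL, so a third-party
  # URL that merely contains the domain (for example in a query string) is
  # kept and will be fetched and scanned by the later steps.
  grep -iF -- "$domain" files_tmp.txt | anew files.txt
  echo "!!All enumerated files are stored in files.txt file successfully!!"
}

#######################################
# Run every gf pattern from ./gf_patterns against the body of every URL in
# ./files.txt and print the matches, grouped pattern by pattern.
# Each URL is downloaded once and the saved body is reused for all patterns;
# the original fetched every URL again for every pattern.
# Outputs:   matches and separators on stdout
# Returns:   1 when an input file is missing or no scratch dir can be made
#######################################
gf_PATTERN() {
  local -r rule="----------------------------------------------------------------------------------------------"
  local -a patterns=() urls=()
  local line pattern idx cache_dir

  if [[ ! -r gf_patterns || ! -r files.txt ]]; then
    echo "gf_PATTERN: gf_patterns or files.txt is missing" >&2
    return 1
  fi

  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" ]] && patterns+=("$line")
  done < gf_patterns
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" ]] && urls+=("$line")
  done < files.txt

  cache_dir=$(mktemp -d) || return 1

  # -k turns TLS certificate verification off (kept from the original), so the
  # bodies are unauthenticated: treat matches as leads to verify.
  # "--" ends option parsing, so an entry that starts with "-" is still taken
  # as a URL and not as a curl option.
  for idx in "${!urls[@]}"; do
    curl -k --compressed --silent -- "${urls[idx]}" > "${cache_dir}/${idx}"
  done

  for pattern in "${patterns[@]}"; do
    for idx in "${!urls[@]}"; do
      echo "$rule"
      echo "URL:${urls[idx]}"
      echo "Pattern:${pattern}"
      # Fed through a pipe, as in the original, so gf reads the body on stdin.
      cat -- "${cache_dir}/${idx}" | gf "$pattern"
      echo "$rule"
    done
  done

  rm -rf -- "${cache_dir:?}"
}

#######################################
# Extract links, sub-domains and possible secrets from every URL in
# ./files.txt using JSFinder, jsa and JScanner, then post-process the results.
# Globals:   domain (read)
# Outputs:   LINKS_FILE, SUBDOMAINS_FILE, JSCANNER_RESULTS, JSCANNER_LINKS,
#            CUSTOM_REGEX_FILE; progress on stdout
#######################################
link_extractor() {
  local url

  # The list is read on descriptor 3 so the tools inside the loop keep the
  # script's own stdin and cannot swallow the remaining URLs.
  while IFS= read -r -u 3 url || [[ -n "$url" ]]; do
    [[ -n "$url" ]] || continue

    # Section marker. It goes to the same file JScanner writes to, because the
    # "Custom regex match" grep below reads that file; the original wrote it
    # to ./JScanner_results.txt, which is only the same file when the script
    # runs from RESULTS_DIR.
    echo "-------------------------Custom regex match ${url}-------------------------------" \
      | anew "$JSCANNER_RESULTS"
    echo "URL Value:${url}"

    # Sub-domains and links hidden inside JavaScript files.
    python3 "$JSFINDER" -u "$url" -ou "$LINKS_FILE" -os "$SUBDOMAINS_FILE"

    # Hidden directory paths from JavaScript files.
    printf '%s\n' "$url" | python3 "$JSA" | anew "$LINKS_FILE"

    # Secrets and other sensitive strings from JavaScript files.
    python3 "$JSCANNER" -u "$url" -d "$domain" -t 40 | anew "$JSCANNER_RESULTS"
  done 3< files.txt

  # Reduce the JScanner log to the endpoint list and the regex hits.
  grep -i "Found endpoint" "$JSCANNER_RESULTS" | cut -d " " -f4 | anew "$JSCANNER_LINKS"
  grep -i "Custom regex match" "$JSCANNER_RESULTS" | anew "$CUSTOM_REGEX_FILE"

  # The original piped each file into "anew" on the same file, which appends
  # nothing because every line is already present. De-duplication is
  # presumably what was intended, so it is done for real here.
  _dedupe_in_place "$LINKS_FILE"
  _dedupe_in_place "$SUBDOMAINS_FILE"
}

#######################################
# Run nuclei with both template directories over the start URL and the
# extracted links, to look for credentials and sensitive information.
# Outputs:   nuclei-result in the current directory
#######################################
nuclei-check() {
  local template_dir

  for template_dir in "${NUCLEI_TEMPLATE_DIRS[@]}"; do
    cat url.txt "$LINKS_FILE" | nuclei -t "$template_dir" -silent | anew nuclei-result
  done
}

#######################################
# Entry point: run the stages in order and remove the scratch list.
#######################################
main() {
  # The result files can contain keys and tokens found on the target; create
  # them readable by the current user only.
  umask 077

  echo "-------------------------------------------------------------"
  getURL
  enum_FILES
  gf_PATTERN
  link_extractor
  nuclei-check
  rm -rf -- files_tmp.txt
}

main "$@"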